Skip to content

Commit 7d9a3c2

Browse files
author
AaronWander
committed
secrets: allow allowInsecurePath for file providers
1 parent eabda6e commit 7d9a3c2

File tree

5 files changed

+16
-2
lines changed

5 files changed

+16
-2
lines changed

src/config/config.secrets-schema.test.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ describe("config secret refs schema", () => {
2626
path: "~/.openclaw/secrets.json",
2727
mode: "json",
2828
timeoutMs: 10_000,
29+
allowInsecurePath: true,
2930
},
3031
vault: {
3132
source: "exec",

src/config/types.secrets.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -187,6 +187,7 @@ export type FileSecretProviderConfig = {
187187
mode?: FileSecretProviderMode;
188188
timeoutMs?: number;
189189
maxBytes?: number;
190+
allowInsecurePath?: boolean;
190191
};
191192

192193
export type ExecSecretProviderConfig = {

src/config/zod-schema.core.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@ const SecretsFileProviderSchema = z
101101
.positive()
102102
.max(20 * 1024 * 1024)
103103
.optional(),
104+
allowInsecurePath: z.boolean().optional(),
104105
})
105106
.strict();
106107

src/secrets/resolve.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,7 @@ async function readFileProviderPayload(params: {
289289
const secureFilePath = await assertSecurePath({
290290
targetPath: filePath,
291291
label: `secrets.providers.${params.providerName}.path`,
292+
allowInsecurePath: params.providerConfig.allowInsecurePath,
292293
});
293294
const timeoutMs = normalizePositiveInt(
294295
params.providerConfig.timeoutMs,

src/secrets/runtime.test.ts

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -567,7 +567,12 @@ describe("secrets runtime snapshot", () => {
567567
config: asConfig({
568568
secrets: {
569569
providers: {
570-
default: { source: "file", path: secretFile, mode: "json" },
570+
default: {
571+
source: "file",
572+
path: secretFile,
573+
mode: "json",
574+
...(process.platform === "win32" ? { allowInsecurePath: true } : {}),
575+
},
571576
},
572577
},
573578
models: {
@@ -658,7 +663,12 @@ describe("secrets runtime snapshot", () => {
658663
config: asConfig({
659664
secrets: {
660665
providers: {
661-
default: { source: "file", path: secretFile, mode: "json" },
666+
default: {
667+
source: "file",
668+
path: secretFile,
669+
mode: "json",
670+
...(process.platform === "win32" ? { allowInsecurePath: true } : {}),
671+
},
662672
},
663673
},
664674
models: {

0 commit comments

Comments
 (0)